CVE-2019-2131

CVSS v3 Score: 7.8 (High)
CVSS v2 Score: 9.3 (Critical)

Vulnerability Description

An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119115683.

CVSS:7.8(High)

frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep...

CVSS:7.8(High)

Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CVSS:7.8(High)

eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CVSS:7.8(High)

An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privilege...

CVSS:7.8(High)

Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.

CVSS:7.8(High)

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (And...